ANCOM it is certified against SR EN ISO/IEC 27001: 2018
Information security policy
ANCOM's mission is to protect the interests of communications users in Romania, by promoting competition in the communications market, managing limited resources, encouraging efficient investments in infrastructure and promoting innovation. Through its activity, ANCOM aims for all the inhabitants of Romania to enjoy quality communication services, at fair prices, and for the operators to develop through innovation.
In order to fulfil ANCOM's mission and objectives, information, information systems and communication networks represent strategic internal resources for the Authority. Therefore, ANCOM makes sure to implement all security measures necessary for their protection so as to permanently ensure the confidentiality, integrity and availability of information within the Authority's IT systems.
ANCOM shall take all necessary measures to protect information resources against external or internal threats, deliberate or accidental, in order to ensure:
·       maintaining the confidentiality, integrity and availability of information;
·       the use, where applicable, of the authenticity and non-repudiation of information;
·       ensuring an adequate framework for managing information security risks, for them to be correctly identified, analysed and evaluated;
·       protecting information against threats and unauthorized access;
·       training, development of professional skills and awareness of the importance of information security among employees;
·       ensuring the existence of a plan for business continuity;
·       establishing an information security incident management framework;
·       fulfilment of the legal, regulatory and contractual requirements applicable in the field of activity of the Authority;
·       promoting and developing a security culture and integrating it into the organizational culture.
ANCOM adopts a set of policies in the field of information security, which detail the general principles regarding the protection of information resources in specific areas such as: internal organization, relationship with third parties, human resources management, physical security, communications and operations management, access control, security incident management , continuity of activity, ensuring compliance with the legal norms in force, with the internal regulatory norms and with the contractual provisions.
To this end, each employee, regardless of their hierarchical position, must know and contribute to the achievement of specific objectives, be aware of the importance of the risks/opportunities related to their own activity and constantly focus on ensuring information security in their area of ​​responsibility, so that the overall performance of the Authority is continuously improved.
The policy regarding information security and the associated management methods are constantly being harmonized with the strategic directions of ANCOM. Furthermore, the maintenance and development of the Information Security Management System (ISMS), in accordance with the requirements of the SR ISO/CEI 27001 standard, shall be ensured. ISMS will be constantly monitored through internal audits and periodic analyses conducted by management and will be improved by applying corrective methods resulting from the audit and monitorization.